The CNET Lounge forum


Have you been the victim of a phishing scam?


It never made sense that a credit card company or financial institution would ask you to update highly personal information (i.e. SSNs, CC numbers, etc.) via email. The only ones I have ever received were via snail mail and an 800 number, and that is very few. Whenever I get anything from one of my "vendors" asking for anything, I go to their website using my contact URL. I have even called a bank manager in one case. Also, I always forward the suspect email to the legitimate institution. They almost all have a fraud link on their sites.

I get a few phishing e-mails a day. In fact, I had one in the same batch of messages with the CNET newsletter that this question was contained in. I agree that the best way to avoid them and try to stop them is to pass the scams on to the fraud address for whatever institution they're trying to impersonate. EBay and PayPal both say in their return e-mails that they report the attempt to "the proper authorities" whoever that is. At least it sounds as if something's being done!

Receiving a phishing scam is not unusual. It happens quite often. A nice official letter from some well known "Bank" or from "e-Bay" or from "Pay-Pal" arrives almost daily. The "phool" is the person who answers this e-mail without making sure the letter is genuine. I personally don't know of any legitimate company that requests any personal or confidential information thru an e-mail. There should be one simple rule when you receive one of these phishing expeditions: THROW IT OUT.

Most of the scams I receive are from places I don't have an account with. For those that I do I would open a new browser if the email appeared to be legitimate. Most places I deal with use my name in an email. It's always best to exercise caution.

I have received approaches from banks I have never heard of, and from E-bay, with whom I don't have an account. They are so apparently fraudulent, that even one from a bank I know would be questioned.

OT - the other day I received two successive "alarm" messages of a similar type telling me that my email account had been frozen, and if I opened the virus attachment, I would find out what to do next.

Shortly before the term phishing was coined, I received a phishing attempt email. I didn't fall for it for one reason. I always notice the URL and it wasn't a normal, yes it had ebay in it, but it had some other gibberish in it as well. As a test, I put in bogus information for the login and it let me through. I immediately notified ebay, because I saw it as a potential hazard. Of course, never heard a response. So to answer the poll question. No, I have never fallen for a phishing attempt.

I was asked to "update" personal information a couple of times and when asked to note where I lived, Israel was not on the list of countries. Or the list included ONLY names of states in the U.S.A. Remembering that when I originally registered with Pay-pal and Ebay the list of countries DID include the country of my residence, I immediately shut down my computer, playing it safe, hoping that my personal information was not sent out. Now I'm careful about any requests for solicited personal information that I did not specifically initiate. If my account is to be cancelled, I'll at least know that I was overly careful, but not sorry.

Shmuel

I have gotten emails that state that "you have won a PS2, XBOX, etc.", that looked very, very, very real and I almost got it until the site wouldn't accept anything but bank debit cards. At least I was thinking enough to realise that that wasn't right! I now realise that nothing via emails is real! I delete ANY offers that come in that manner.

A common method is to use a large image that looks like text. If you are moving your cursor over the message and it's a hand, look out!

Legit companies don't send out requests for you to change your personal account information. Use some common sense, just delete any messages that ask you for personal information! If it's a site you do business with and are concerned, contact them directly.

I too became suspicious when I received an e-mail from e-bay about activity on my account with a link to update my information. Luckily I remembered reading that e-bay would never ask me to update that info via e-mail and I promptly reported it and received a reply that indeed it was a fraudulent e-mail. I have also received e-mails from citi card as well. To all those out there, when in doubt report it!

By the time I got a phishing e-mail, I had already heard and learned about the subject. The ones I got I've sent to Paypal or Ebay; they were for me obviously bad guy e-mails. Besides phishing e-mail, I got a number of times e-mail about millions that should go out of their country. That subject was also already known to me, so I only deleted that e-mail. From now on I'll also do what has been advised by all of those who have reacted to the question "How to recognize and avoid phishing scams". Thanks! After translating it into Dutch, I'll spread it here in the Netherlands and hope to get reactions about where in the Netherlands I can force legal action by the authorities by reporting these criminal actions.

Johan Pronk

I use Mailwasher to screen my e-mail so 99% never even gets to my inbox. Should something look real I call the company or e-mail them FROM THEIR WEB SITE and ask. Beware of Targeted Attacks that contain some personal information, like your acct #. Some Phishers are targeting people they have some info on trying to get more.

Mailwasher allows me not only to see text of an e-mail but to bounce it back so it looks like the address is no good (no I don't work for them).

1. I never respond to the messages.
2. I never go to the websites until I am ready to do business . . . just in case there's a redirect in place.
3. I only use my bookmarked addresses to go to the website.
4. In case bookmarks fail, I keep addresses with coded passwords in Splash ID.
5. I use Privacy Eraser on my computer to regularly clean history and such.
6. I use Trend AntiVirus and report all suspicious emails and block senders.

Then when a virus modifies your hosts file with a spoofed address for www.ebay.com or www.bankamerica.com, you click on your favorites link and think you're going where you clicked and instead you're going to a hacker's website who is now capturing your login information... Unfortunately, there is nothing you can do about these kinds of scams... My suggestion is that you set the hosts file to read-only and log into your computer with a different username and remove that username from the modify access for that hosts file. This way, you will have *some* protection from this.

Edweb/gadget guru
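The hosts-file redirect described in the post above can be checked for directly. The following is an added example, not part of the original post: a small Python audit that flags hosts entries naming the two domains the post mentions. The watched-domain list, the suffix matching and the sample file are assumptions made for illustration.

```python
import ipaddress
import os
import sys

# Domains named in the post; suffix matching on them is an assumption of this example.
WATCHED = ("ebay.com", "bankamerica.com")

# Constructed sample input (203.0.113.0/24 is a documentation-only range).
SAMPLE = """\
# constructed sample hosts file
127.0.0.1    localhost
::1          localhost
203.0.113.7  www.ebay.com
203.0.113.7  WWW.BankAmerica.com. signin.ebay.com   # trailing dot, mixed case
0.0.0.0      ads.example.net
"""

def default_hosts_path():
    """Standard hosts file location on Windows and on Unix-like systems."""
    if os.name == "nt":
        root = os.environ.get("SystemRoot", r"C:\Windows")
        return os.path.join(root, "System32", "drivers", "etc", "hosts")
    return "/etc/hosts"

def audit_hosts(text, watched=WATCHED):
    """Return (line_no, ip, hostname, kind) for every entry naming a watched domain."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # not an address mapping line
        # Loopback/unspecified targets only block a name; anything else redirects it.
        kind = "sinkhole" if ip.is_loopback or ip.is_unspecified else "redirect"
        for name in (f.lower().rstrip(".") for f in fields[1:]):
            if any(name == d or name.endswith("." + d) for d in watched):
                findings.append((line_no, str(ip), name, kind))
    return findings

if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else default_hosts_path()
    with open(path, encoding="utf-8", errors="replace") as fh:
        for line_no, ip, name, kind in audit_hosts(fh.read()):
            print(f"{path}:{line_no}: {name} -> {ip} ({kind})")
    # The post's mitigation: the everyday account should not be able to modify the file.
    print("writable by current user:", os.access(path, os.W_OK))
```

On Windows, `os.access` only reflects the file's read-only attribute, so the modify permission the post refers to still has to be checked in the file's security settings.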

Well, I am uncertain if I am a victim, but I certainly have had two separate attacks on my MSN account. The whole thing was odd to me so I shot a quick response to MSN Help and was assured that the particular e-mails I had received were indeed phishing attacks.

What is REALLY stupid about this you ask? I don't have a credit card and if I ever do any business over the internet, I send a postal money order, by snail mail.

I use a screening (MailWasher) so that much is deleted from the server and never downloaded into my Eudora directory. Secondly, if it is one of the PayPal or Ebay phishing scams, I usually send to their spoof address. Lastly, if I do not recognize the sender or the title is suspect, it goes to the great bit bucket.

Mike

I have had so many phishing e-mails from both e-bay & paypal. I actually went to the site & filled in my details the first time. But I felt strange about it, so I looked around on the e-bay site & learned all about phishing mail. I now send anything I think isn't for real to them at spoof@ebay.com.au & they confirm to me if it is real or not. The latest I got yesterday was to enter a competition with them; once again I was sus about it, forwarded it on & yes it was more phishing. It seems to come in many ways... Be aware of it all!!

On the other hand I rated all as phished as I have no business relations with any of them. I forwarded two recent attempts similar to those shown to the spoof address of the company. If you do so be sure to send the complete address of the sending party. It may well be bogus, but some might contain some clues.

I get bogus offers similar to the spoofs as regular mail telling me I have won "computer," or some other goodie. All get the bit bucket delete.

It continues because a hit rate of one in a hundred thousand can be profitable. I suspect the "marks" are more prevalent than this ratio.

During the last few weeks I have been bombarded with e-mail messages supposedly coming from my ISP in sets of three per day. They purported to be about problems with my account, security violations, or threats to cancel the account. They all have the same domain (that of my ISP), however the sender sometimes is support, or administrator, etc. about six in total.

The messages require one to answer a questionnaire that comes as a zipped attachment, where sometimes Norton Antivirus detects a virus and at other times does not.

What made me initially suspicious was the fact that living in Colombia, messages from my ISP always come in Spanish, and that all these phishing e-mails were written in English. A phone call to the ISP confirmed that the messages were not from them.